.svg)
The Financial Crimes Enforcement Network (FinCEN) recently issued a final rule requiring registered investment advisers (RIAs) and exempt reporting advisers (ERAs) to comply with anti-money laundering (AML) and countering the financing of terrorism (CFT) regulations under the Bank Secrecy Act (BSA). For the first time, these investment advisers (now referred to as “Covered IAs”) are classified as financial institutions under the BSA. This FinCEN mandate requires establishing the Five Pillars of AML compliance, suspicious activity reporting, sanctions screening, customer due diligence, and comprehensive recordkeeping.
According to FinCEN's final rule, this affects approximately 15,000 SEC-registered investment advisers and 5,800 exempt reporting advisers. The rule aims to close regulatory gaps and strengthen oversight of the investment adviser sector, which has been exploited for illicit finance activities. The rule takes effect on January 1, 2026.
While the recent change in U.S. administration introduces uncertainty regarding the final implementation timeline, the fundamental need for robust AML controls in the investment advisory sector remains unchanged. The Treasury Department’s 2024 risk assessment identified systemic vulnerabilities in the RIA sector, exacerbated by limited prior AML/CFT obligations. These vulnerabilities persist regardless of regulatory timelines, and forward-thinking firms recognize that implementing AML best practices represents sound risk management.
Key requirements for Covered IAs include:
AML/CFT program implementation: Investment advisers must develop risk-based AML/CFT programs tailored to their business model and risk exposure.
Customer Due Diligence (CDD): Firms must establish procedures to assess client risk and verify beneficial ownership information where necessary.
Suspicious Activity Reporting (SARs): Covered IAs must file SARs with FinCEN for transactions of $5,000 or more that indicate potential money laundering, fraud, or terrorism financing.
Recordkeeping and Travel Rule compliance: Covered IAs must maintain transaction records and comply with FinCEN’s Travel Rule, which requires financial institutions to collect and transmit specific information on transactions above $3,000.
SEC oversight: The Securities and Exchange Commission (SEC) will be responsible for examining and enforcing Covered IAs' compliance with these requirements.
What does this mean for financial institutions?
The expansion of AML/CFT requirements to investment advisers marks a significant regulatory shift that will impact both the investment industry and broader financial institutions.
Enhanced Transparency:
The rule addresses a major gap in the U.S. AML framework, reducing the ability of illicit actors to launder money through private equity, hedge funds, and venture capital investments. This includes high-net-worth individuals and institutional clients with complex ownership structures, making due diligence particularly challenging.
Operational adjustments :
Unlike banks and broker-dealers, RIAs have historically operated outside formal BSA/AML regulatory requirements, creating a significant experience gap as they now face these new obligations. Investment advisers must establish compliance frameworks similar to those of banks and broker-dealers, which will require investments in compliance personnel, technology, and monitoring systems particularly for smaller RIAs and ERAs that previously operated with limited regulatory oversight.
Broader regulatory scrutiny:
Financial institutions that interact with investment advisers, such as banks and custodians, may face additional due diligence requirements when dealing with Covered IAs.
AML Readiness: recommendations for financial institutions
To ensure timely compliance, RIAs should follow this strategic implementation roadmap.
Phase 1: Assessment & Planning (Q2-Q3 2025)
The first step involves conducting a thorough AML risk assessment to identify potential vulnerabilities. RIAs should then develop an implementation budget and resource plan to allocate necessary funds and personnel effectively. Selecting the right technology solutions and partners is crucial to ensure a seamless and efficient compliance process.
Phase 2: Program Development (Q3-Q4 2025)
During this phase, RIAs must draft comprehensive policies and procedures that align with regulatory expectations. Designating and training an AML compliance officer is essential to oversee the program and ensure adherence. Additionally, developing a client risk rating methodology will help classify clients based on their potential AML risk exposure.
Phase 3: Technology Implementation (Q3-Q4 2025)
Implementing a robust transaction monitoring system is key to detecting suspicious activity in real time. RIAs should also set up sanctions screening tools to ensure they do not engage with restricted entities. Establishing Suspicious Activity Report (SAR) filing procedures and systems will further enhance compliance readiness.
Phase 4: Training & Testing (Q4 2025)
Firm-wide AML training should be conducted to ensure all employees understand their responsibilities. Initial independent testing will help validate the program’s effectiveness, and any identified gaps or weaknesses should be addressed before the final compliance deadline.
Phase 5: Full Compliance (January 1, 2026)
By the start of 2026, all systems and processes should be fully operational. RIAs must begin ongoing monitoring and reporting to maintain compliance and detect emerging risks. Establishing a regular program review cycle will help ensure continuous improvement and adherence to evolving regulations.
Napier AI offers specialized implementation support for each phase, with particular expertise in accelerating the technology implementation timeline. Our configurable compliance modules can be tailored to the unique use cases of RIAs, ensuring a seamless and efficient transition to full compliance.
Interested in regulatory developments in North America?
Photo by Jan Folwarczny on Unsplash
